WO2023228623A1 - Encryption system and encryption method - Google Patents

Encryption system and encryption method

Info

Publication number
WO2023228623A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
communication
decryption
information
transmission line
Application number
PCT/JP2023/015148
Other languages
English (en)
Japanese (ja)
Inventor
三好孝典
清水晶太
伊澤真人
加藤勇夫
Original Assignee
住友電気工業株式会社
Application filed by 住友電気工業株式会社


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation

Definitions

  • the present disclosure relates to an encryption system and method.
  • This application claims priority based on Japanese Patent Application No. 2022-85213 filed on May 25, 2022, and the entire disclosure thereof is incorporated herein.
  • Patent Document 1 Japanese Unexamined Patent Publication No. 2001-7797 discloses the following encrypted communication system. That is, in a cryptographic communication system, a plurality of terminal devices are connected to a network via a cryptographic device having a table in which at least terminal information and cryptographic key information are associated and registered. a confirmation means for confirming whether or not encryption key information corresponding to the terminal information and application type exists in the table when communication data is received from a terminal device; and a confirmation means for registering the corresponding encryption key information by the confirmation means.
  • the key search packet transmitting means transmits a key search packet in which the terminal information, application type, and encryption key information of the communication data are set, and the key search packet transmitted by the key search packet transmitting means Based on the key search response packet returned from the destination terminal device in response to the packet, the table of the cryptographic device that is the source of the key search packet and each cryptographic device located on the relay route that relays the key search packet is stored. and setting means for setting encryption key information corresponding to the application type.
  • Patent Document 2 Japanese Patent Laid-Open No. 2020-145672 discloses a method of exchanging a combined encryption key between a first node and a second node, as described below. That is, in the method, the first node and the second node are connected through a first communication network and a second communication network, the first communication network is a quantum communication network, and the information is weak. the first node and the second node exchange one or more first cryptographic keys over the first communication network; the one or more first cryptographic keys such that the first node and the second node share knowledge of the combined cryptographic key. and the one or more second encryption keys to form the combined encryption key.
  • The encryption system of the present disclosure includes a management device, an encryption device, and a decryption device, and the encryption device and the decryption device are connected to each other via a first transmission line that is a physical transmission path. The management device transmits cryptographic information regarding the encryption method used in the encryption device and the decryption device to the encryption device and the decryption device. The encryption device generates encrypted data by encrypting communication data based on the cryptographic information received from the management device, and transmits the generated encrypted data to the decryption device via the first transmission line. The decryption device performs decryption processing on the encrypted data received from the encryption device via the first transmission line, based on the cryptographic information received from the management device.
  • An encryption method of the present disclosure is an encryption method in an encryption system including a management device, an encryption device, and a decryption device, the encryption device and the decryption device being connected to each other via a first transmission line that is a physical transmission path. The method includes a step in which the management device transmits cryptographic information regarding an encryption method used in the encryption device and the decryption device to the encryption device and the decryption device; a step in which the encryption device generates encrypted data by encrypting communication data based on the cryptographic information received from the management device, and transmits the generated encrypted data to the decryption device via the first transmission line; and a step in which the decryption device performs decryption processing on the encrypted data received from the encryption device via the first transmission line, based on the cryptographic information received from the management device.
  • One aspect of the present disclosure can be realized not only as an encryption system including such a characteristic processing unit, but also as a program for causing a computer to execute such characteristic processing steps, or as a semiconductor integrated circuit that realizes part or all of the encryption system.
  • FIG. 1 is a diagram showing the configuration of an encryption system according to a first embodiment of the present disclosure.
  • FIG. 2 is an example of a correspondence table held by the management device and communication device according to the first embodiment of the present disclosure.
  • FIG. 3 is a diagram illustrating an example of a sequence of encrypted communication in the encryption system according to the first embodiment of the present disclosure.
  • FIG. 4 is a diagram showing the configuration of an encryption system according to the second embodiment of the present disclosure.
  • FIG. 5 is a diagram showing the configuration of an encryption system according to a third embodiment of the present disclosure.
  • FIG. 6 is a diagram showing the configuration of an encryption system according to the fourth embodiment of the present disclosure.
  • the present disclosure has been made to solve the above-mentioned problems, and its purpose is to provide an encryption system and an encryption method that can further improve security in a network.
  • An encryption system includes a management device, an encryption device, and a decryption device, and the encryption device and the decryption device are connected to each other via a first transmission line that is a physical transmission path. The management device transmits cryptographic information regarding the encryption method used in the encryption device and the decryption device to the encryption device and the decryption device. The encryption device generates encrypted data by encrypting communication data based on the cryptographic information received from the management device, and transmits the generated encrypted data to the decryption device via the first transmission line. The decryption device decrypts the encrypted data received from the encryption device via the first transmission line based on the cryptographic information received from the management device.
  • The management device sends cryptographic information regarding the encryption method to the encryption device and the decryption device, and the encryption device and the decryption device perform encryption processing and decryption processing of communication data based on the cryptographic information received from the management device. Even if the encryption method is deciphered by an unauthorized device, the management device can change the encryption method so that encryption and decryption processing are performed according to the changed encryption method. Therefore, it is possible to realize robust encrypted communication in which communication data is difficult to intercept with, for example, only one successful attack. Therefore, security in the network can be further improved.
  • The management device may transmit the cryptographic information to the encryption device and the decryption device via a second transmission line different from the first transmission line.
  • the encryption method selected by the management device can be notified to the encryption device and the decryption device more safely.
  • The management device, the encryption device, and the decryption device may hold correspondence information indicating a correspondence relationship between the encryption information and the encryption method. The management device may refer to the correspondence information and transmit the encryption information corresponding to the encryption method used in the encryption device and the decryption device to the encryption device and the decryption device. The encryption device may refer to the correspondence information and perform encryption processing on the communication data according to the encryption method corresponding to the encryption information received from the management device, and the decryption device may refer to the correspondence information and decrypt the encrypted data according to the encryption method corresponding to the encryption information received from the management device.
  • the encryption method selected by the management device can be notified to the encryption device and the decryption device more safely with a simple configuration.
  • The management device may select the encryption method used in the encryption device and the decryption device depending on the confidentiality of the communication data.
  • The management device may select the encryption method used in the encryption device and the decryption device depending on the real-time property required of the communication data.
  • The encryption system may include a plurality of the management devices. The encryption device may encrypt the communication data according to the encryption method specified based on the plurality of pieces of encryption information respectively received from the plurality of management devices, and the decryption device may decrypt the encrypted data according to the encryption method specified based on the plurality of pieces of encryption information respectively received from the plurality of management devices.
  • the encryption method used in the encryption device and decryption device will not be deciphered.
  • the encryption method used in the encryption device and the decryption device can be notified to the encryption device and the decryption device more securely.
  • A plurality of logical transmission paths may be formed using the first transmission line. The management device may transmit, to the encryption device and the decryption device, the encryption information indicating a target transmission path that is a target of encrypted communication among the plurality of transmission paths. The encryption device may encrypt the communication data transmitted through the target transmission path indicated by the encryption information, and the decryption device may decrypt the encrypted data transmitted through the target transmission path indicated by the encryption information.
  • Multiple pieces of communication data can be transmitted using the multiple transmission paths, and encrypted communication can be performed on the target transmission path among the multiple transmission paths, making it difficult for the communication data to be intercepted.
  • the encryption method of the present disclosure is an encryption method in an encryption system including a management device, an encryption device, and a decryption device, wherein the encryption device and the decryption device perform physical transmission.
  • The management device sends encryption information regarding the encryption method to the encryption device and the decryption device, and the encryption device and the decryption device perform encryption processing and decryption processing of communication data based on the encryption information received from the management device. For example, even if the encryption method is deciphered by an unauthorized device, the management device can change the encryption method so that encryption and decryption processing are performed according to the changed encryption method. Therefore, it is possible to realize robust encrypted communication in which communication data is difficult to intercept with, for example, only one successful attack. Therefore, security in the network can be further improved.
  • FIG. 1 is a diagram showing the configuration of an encryption system according to a first embodiment of the present disclosure.
  • encryption system 301 includes a management device 201 and a plurality of communication devices 101.
  • communication devices 101A and 101B are representatively shown as the communication device 101.
  • the communication device 101A is an example of an encryption device.
  • Communication device 101B is an example of a decryption device.
  • the encryption system 301 is used in networks in industrial control systems such as factories and plants.
  • the communication device 101 is, for example, a PLC (Programmable Logic Controller) for controlling a robot, sensor, or actuator.
  • the plurality of communication devices 101 are connected to each other via a transmission line 1 that is a physical transmission path.
  • Transmission line 1 is an example of a first transmission line.
  • the transmission line 1 is, for example, a transmission line that complies with the CAN (Controller Area Network) (registered trademark) standard.
  • The transmission line 1 may be a transmission line that conforms to the Ethernet (registered trademark) standard, or may be a transmission line for serial communication that conforms to standards such as RS (Recommended Standard)-232C, RS-422A, and RS-485.
  • the communication devices 101A and 101B may be connected via a WAN (Wide Area Network).
  • the encryption system 301 may be used in a home network or an in-vehicle network.
  • The communication device 101 and the management device 201 are in-vehicle ECUs (Electronic Control Units).
  • the management device 201 is connected to a plurality of communication devices 101 via a transmission line 2, which is a physical transmission path.
  • Transmission line 2 is an example of a second transmission line.
  • the transmission line 2 is, for example, a transmission line that complies with the CAN standard.
  • The transmission line 2 may be a transmission line that conforms to the Ethernet standard, or may be a transmission line for serial communication that conforms to standards such as RS (Recommended Standard)-232C, RS-422A, and RS-485.
  • the communication device 101 performs encrypted communication via the transmission line 1.
  • the communication device 101A generates encrypted data by encrypting communication data periodically or irregularly, and transmits a frame including the generated encrypted data to the communication device 101B via the transmission line 1.
  • the communication device 101B receives a frame from the communication device 101A via the transmission line 1, and decrypts the encrypted data included in the received frame.
  • the communication device 101B periodically or irregularly transmits a frame including encrypted data to the communication device 101A via the transmission line 1.
  • the communication device 101A receives a frame from the communication device 101B via the transmission line 1, and decrypts the encrypted data included in the received frame.
  • the management device 201 includes a method selection section 81 and a storage section 82. Part or all of the method selection unit 81 is realized by, for example, a processing circuit including one or more processors.
  • the storage unit 82 is, for example, a nonvolatile memory included in the processing circuit.
  • the communication device 101 includes a communication section 11, a processing section 21, and a security processing section 51.
  • The security processing section 51 includes a receiving section 61, a method specifying section 62, a cryptographic processing section 63, and a storage section 64.
  • a part or all of the communication section 11, the processing section 21, the receiving section 61, and the method specifying section 62 are realized by, for example, a processing circuit including one or more processors.
  • the cryptographic processing unit 63 is realized by, for example, an FPGA (Field-Programmable Gate Array).
  • the storage unit 64 is, for example, a nonvolatile memory included in the processing circuit.
  • the security processing unit 51 may be built into the communication device 101 or may be built into an external adapter or connector connected to the communication device 101.
  • the storage unit 64 in the communication device 101 stores an encryption key used in encrypted communication between the communication devices 101.
  • FIG. 2 is an example of a correspondence table held by the management device and communication device according to the first embodiment of the present disclosure.
  • The storage unit 82 in the management device 201 and the storage unit 64 in the communication device 101 store a correspondence table Tb1 indicating the correspondence between method numbers and the encryption methods used in encrypted communication between the communication devices 101.
  • the correspondence table Tb1 is an example of correspondence information.
  • The encryption method corresponding to the method number "101" is "PRESENT".
  • The encryption method corresponding to the method number "102" is "CLEFIA".
  • The encryption method corresponding to the method number "103" is "SIMON".
  • The encryption method corresponding to the method number "104" is "SPECK".
  • The encryption method corresponding to the method number "201" is "ChaCha20".
  • PRESENT, CLEFIA, SIMON, and SPECK are lightweight cryptographic block ciphers, and the encryption strength is 80 bits or more.
  • PRESENT, CLEFIA, SIMON, and SPECK are commonly used for cryptographic communications, are fast, and have low implementation costs.
  • ChaCha20, Enocoro-128 v2, Enocoro-80, and Trivium are lightweight encryption stream ciphers, and the encryption strength is 80 bits or more. ChaCha20, Enocoro-128 v2, Enocoro-80, and Trivium are generally used for encrypted communication, are fast, have low implementation cost, and have high real-time performance.
  • AES and Camellia are common key cryptosystems listed in the e-government recommended cipher list, and have a cryptographic strength of 128 bits or more.
  • AES and Camellia are generally used for encrypted communication and have high encryption strength.
  • RSA and elliptic curve cryptography are public key cryptosystems listed in the e-government recommended cipher list, and have a cryptographic strength of 128 bits or more. RSA and elliptic curve cryptography are generally used for key exchange and electronic signatures, have high cryptographic strength, and do not require management of a communication partner's private key.
  • the management device 201 transmits cryptographic information regarding the cryptographic method used in the communication devices 101A, 101B to the communication devices 101A, 101B.
  • the method selection unit 81 in the management device 201 selects an encryption method to be used in encrypted communication between the communication devices 101A and 101B.
  • The method selection unit 81 selects the encryption method depending on the type of application that generates the communication data transmitted in the communication devices 101A, 101B, the operation mode of the industrial control system in which the encryption system 301 is used, and the confidentiality of the communication data.
  • the scheme selection unit 81 refers to the correspondence table Tb1 in the storage unit 82 and obtains the scheme number corresponding to the selected encryption scheme.
  • The scheme selection unit 81 generates cryptographic information including the acquired scheme number, and transmits a frame containing the generated cryptographic information to the communication devices 101A and 101B via a physically independent transmission line 2 that is different from the transmission line 1 used for encrypted communication.
  • the receiving unit 61 receives a frame from the management device 201 via the transmission line 2, and acquires cryptographic information from the received frame.
  • the receiving section 61 outputs the acquired cryptographic information to the method specifying section 62.
  • the scheme identifying unit 62 receives the cryptographic information from the receiving unit 61, refers to the correspondence table Tb1 in the storage unit 64, and identifies the cryptographic scheme corresponding to the scheme number indicated by the received cryptographic information. Further, the method specifying unit 62 acquires an encryption key used in the specified encryption method from the storage unit 64. The method identifying section 62 outputs cryptographic setting information indicating the identified cryptographic method and the acquired cryptographic key to the cryptographic processing section 63.
  • The cryptographic processing unit 63 encrypts communication data addressed to another communication device 101 and decrypts encrypted data received from another communication device 101, according to the cryptographic scheme indicated by the cryptographic setting information received from the scheme specifying unit 62 and using the cryptographic key indicated by the cryptographic setting information.
  • the method selection unit 81 is not limited to the configuration that selects the standardized encryption method described above, and can select any non-standardized encryption method.
  • The communication device 101A generates encrypted data by encrypting communication data based on the encryption information received from the management device 201, and transmits the generated encrypted data to the communication device 101B via the transmission line 1.
  • the communication device 101A refers to the correspondence table Tb1 and performs an encryption process on communication data according to the encryption method corresponding to the encryption information received from the management device 201.
  • the processing unit 21 in the communication device 101A periodically or irregularly generates communication data addressed to the communication device 101B.
  • the processing unit 21 outputs the generated communication data to the encryption processing unit 63.
  • the encryption processing unit 63 in the communication device 101A receives communication data from the processing unit 21 and encrypts the received communication data according to the encryption method indicated by the encryption setting information received from the method identification unit 62.
  • The cryptographic processing section 63 outputs encrypted data, which is encrypted communication data, to the processing section 21.
  • the processing unit 21 in the communication device 101A receives encrypted data from the encryption processing unit 63 and outputs the received encrypted data to the communication unit 11.
  • the communication unit 11 in the communication device 101A includes the encrypted data received from the processing unit 21 in a frame and transmits the frame to the communication device 101B via the transmission line 1.
  • The communication device 101B performs decryption processing on the encrypted data received from the communication device 101A via the transmission line 1 based on the encryption information received from the management device 201.
  • the communication device 101B refers to the correspondence table Tb1 and performs decryption processing on the encrypted data according to the encryption method corresponding to the encryption information received from the management device 201.
  • the communication unit 11 in the communication device 101B receives a frame from the communication device 101A via the transmission line 1, and acquires encrypted data from the received frame.
  • the communication unit 11 outputs the acquired encrypted data to the processing unit 21.
  • the processing unit 21 in the communication device 101B receives encrypted data from the communication unit 11 and outputs the received encrypted data to the encryption processing unit 63.
  • The encryption processing unit 63 in the communication device 101B receives encrypted data from the processing unit 21 and decrypts the received encrypted data using the encryption method indicated by the encryption setting information received from the method identification unit 62, thereby acquiring the communication data.
  • the cryptographic processing unit 63 outputs the acquired communication data to the processing unit 21.
  • the processing unit 21 in the communication device 101B processes the communication data received from the encryption processing unit 63.
  • The method selection unit 81 in the management device 201 dynamically switches the encryption method used in the communication devices 101A and 101B. More specifically, the method selection unit 81 periodically or irregularly includes cryptographic information in a frame and transmits the frame to the communication devices 101A and 101B via the transmission line 2.
  • the method selection unit 81 further transmits timing information indicating the switching timing of the encryption method to the communication devices 101A and 101B via the transmission line 2.
  • The timing information may be information including an absolute time indicating the switching timing, information including a relative time based on the previous switching timing, or a timing signal such as a clock for synchronizing the switching timing.
  • the receiving section 61 outputs the timing information received from the management device 201 via the transmission line 2 to the method specifying section 62.
  • the scheme specifying unit 62 receives timing information from the receiving unit 61 and notifies the cryptographic processing unit 63 of the switching timing indicated by the received timing information.
  • the encryption processing section 63 switches the encryption method at the switching timing notified from the method identification section 62.
  • the method selection unit 81 periodically switches the encryption method at a frequency depending on the confidentiality of communication data transmitted in the communication devices 101A and 101B.
  • the method selection unit 81 switches the encryption method from PRESENT to CLEFIA and SIMON in this order at switching timing according to a predetermined switching cycle Cc.
  • To switch the encryption method from PRESENT to CLEFIA while the communication devices 101A and 101B are encrypting communication data and decrypting encrypted data according to PRESENT, the method selection unit 81 sends cryptographic information including "102" as the method number to the communication devices 101A and 101B via the transmission line 2. The scheme selection unit 81 further transmits timing information indicating the switching timing from PRESENT to CLEFIA to the communication devices 101A and 101B via the transmission line 2.
  • To switch the encryption method from CLEFIA to SIMON while the communication devices 101A and 101B are encrypting communication data and decrypting encrypted data according to CLEFIA, the method selection unit 81 transmits cryptographic information including "103" as the method number to the communication devices 101A and 101B via the transmission line 2.
  • the method selection unit 81 further transmits timing information indicating the timing of switching from CLEFIA to SIMON to the communication devices 101A and 101B via the transmission line 2.
  • the method selection unit 81 may be configured to switch the encryption method at random timing instead of periodically switching the encryption method.
  • the scheme selection unit 81 may be configured to transmit cryptographic information including a random number as a scheme number to the communication devices 101A and 101B via the transmission line 2.
  • the method selection unit 81 may be configured to create a switching plan for encryption methods and transmit encryption information including a plurality of method numbers based on the created switching plan to the communication devices 101A and 101B via the transmission line 2.
  • a configuration may be adopted in which timing information indicating a plurality of switching timings based on a switching plan is transmitted to the communication devices 101A and 101B via the transmission line 2.
  • the method selection unit 81 selects an encryption method to be used in the communication devices 101A, 101B depending on the confidentiality of communication data transmitted in the communication devices 101A, 101B.
  • the method selection unit 81 holds in advance information indicating a confidential communication period, which is a period during which highly confidential communication data is transmitted in the communication devices 101A and 101B.
  • the method selection unit 81 selects a public key encryption method such as RSA and elliptic curve encryption, or a common key encryption method such as AES and Camellia, which has higher encryption strength, as the encryption method during the confidential communication period.
  • If, a predetermined time before the start time of the confidential communication period, the communication devices 101A and 101B are performing encryption processing of communication data and decryption processing of encrypted data according to PRESENT, whose encryption strength is 80 bits, the method selection unit 81 transmits cryptographic information including "301" as the method number to the communication devices 101A and 101B via the transmission line 2 in order to switch the encryption method from PRESENT to AES, whose encryption strength is 128 bits. The method selection unit 81 further transmits timing information indicating the timing of switching from PRESENT to AES to the communication devices 101A and 101B via the transmission line 2.
  • the method selection unit 81 selects the encryption method used in the communication devices 101A, 101B depending on the real-time nature required of the communication data transmitted in the communication devices 101A, 101B.
  • the method selection unit 81 holds in advance information indicating a real-time communication period, which is a period during which communication data requiring high real-time performance is transmitted in the communication devices 101A and 101B.
  • the method selection unit 81 selects stream ciphers of lightweight encryption methods such as ChaCha20, Enocoro-128 v2, Enocoro-80, and Trivium, which have higher real-time performance, as the encryption method during the real-time communication period.
  • the method selection unit 81 selects the encryption method.
  • encryption information including "201" as the method number is transmitted to communication devices 101A and 101B via transmission line 2.
  • the scheme selection unit 81 further transmits timing information indicating the switching timing from PRESENT to ChaCha20 to the communication devices 101A and 101B via the transmission line 2.
  • the method selection unit 81 may switch encryption methods by combining some or all of switching examples 1 to 3.
  • FIG. 3 is a diagram illustrating an example of a sequence of encrypted communication in the encryption system according to the first embodiment of the present disclosure.
  • FIG. 3 shows the sequence of switching example 1 described above.
  • communication device 101A generates encrypted data by encrypting communication data according to PRESENT corresponding to method number "101", includes the generated encrypted data in a frame, and transmits the frame to the communication device 101B via the transmission line 1.
  • the communication device 101B decrypts the encrypted data received from the communication device 101A according to PRESENT (step S11).
  • the management device 201 transmits encryption information including "102" as the method number and timing information indicating the switching timing from PRESENT to CLEFIA to the communication devices 101A and 101B via the transmission line 2 (step S12).
  • the communication device 101A switches the encryption method to CLEFIA corresponding to the method number "102" indicated by the encryption information received from the management device 201 at the switching timing indicated by the timing information received from the management device 201 (step S13).
  • the communication device 101B switches the encryption method to CLEFIA corresponding to the method number "102" indicated by the encryption information received from the management device 201 at the switching timing indicated by the timing information received from the management device 201 (step S14).
  • the communication device 101A generates encrypted data by encrypting the communication data according to CLEFIA, includes the generated encrypted data in a frame, and transmits the frame to the communication device 101B via the transmission line 1.
  • the communication device 101B decrypts the encrypted data received from the communication device 101A according to CLEFIA (step S15).
  • the management device 201 transmits encryption information including "103" as the method number and timing information indicating the switching timing from CLEFIA to SIMON to the communication devices 101A and 101B via the transmission line 2 (step S16).
  • the communication device 101A switches the encryption method to SIMON corresponding to the method number "103" indicated by the encryption information received from the management device 201 at the switching timing indicated by the timing information received from the management device 201 (step S17).
  • the communication device 101B switches the encryption method to SIMON corresponding to the method number "103" indicated by the encryption information received from the management device 201 at the switching timing indicated by the timing information received from the management device 201 (step S18).
  • the communication device 101A generates encrypted data by encrypting the communication data according to SIMON, includes the generated encrypted data in a frame, and transmits the frame to the communication device 101B via the transmission line 1.
  • the communication device 101B decrypts the encrypted data received from the communication device 101A according to SIMON (step S19).
  • the management device 201 may create a switching plan for switching the encryption method at the switching timing according to the switching cycle Cc, and in step S12 transmit, to the communication devices 101A and 101B via the transmission line 2, encryption information including "102" and "103" as the method numbers based on the created switching plan, together with timing information indicating the switching timing from PRESENT to CLEFIA and the switching timing from CLEFIA to SIMON. In this case, the management device 201 does not perform the process of step S16.
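The switching sequence of FIG. 3 with the whole plan delivered in step S12, as an added example that is not code from the patent. The SHAKE-256 keystream is a stand-in for PRESENT/CLEFIA/SIMON, and the keys, the integrity tag, the switching times 100 and 200, and the payload are constructed assumptions.

```python
import hashlib
import hmac
from bisect import bisect_right

# Method numbers and names as given on the page (correspondence table Tb1).
TB1 = {"101": "PRESENT", "102": "CLEFIA", "103": "SIMON"}

# Constructed per-method keys; the page only says keys are held in storage unit 64.
KEYS = {name: hashlib.sha256(b"constructed key for " + name.encode()).digest()
        for name in TB1.values()}


def _xor_stream(key, nonce, data):
    """Stand-in cipher (SHAKE-256 keystream XOR), NOT PRESENT/CLEFIA/SIMON."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class Device:
    """Communication device 101A or 101B holding Tb1, keys and the switching plan."""

    def __init__(self, initial_number="101"):
        self.plan = [(0, initial_number)]  # sorted (switching time, method number)

    def receive_plan(self, entries):
        """Encryption information plus timing information from the management device."""
        entries = list(entries)
        for _, number in entries:
            if number not in TB1:
                raise ValueError(f"method number {number!r} is not in Tb1")
        self.plan = sorted(self.plan + entries)

    def method_at(self, t):
        if t < 0:
            raise ValueError("time must be non-negative")
        times = [when for when, _ in self.plan]
        return TB1[self.plan[bisect_right(times, t) - 1][1]]

    def encrypt(self, t, seq, data):
        key = KEYS[self.method_at(t)]
        nonce = seq.to_bytes(4, "big")
        body = nonce + _xor_stream(key, nonce, data)
        # Assumption: a truncated HMAC tag lets the receiver detect a method mismatch.
        return body + hmac.new(key, body, hashlib.sha256).digest()[:16]

    def decrypt(self, t, frame):
        """Return the communication data, or None if the frame fails under the
        method this device considers active at time t."""
        key = KEYS[self.method_at(t)]
        body, tag = frame[:-16], frame[-16:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):
            return None
        return _xor_stream(key, body[:4], body[4:])


def run_sequence():
    """Steps S11 to S19 with both method numbers and timings sent in step S12."""
    dev_a, dev_b = Device(), Device()
    plan = [(100, "102"), (200, "103")]  # constructed switching timings
    dev_a.receive_plan(plan)
    dev_b.receive_plan(plan)
    results = []
    for t in (50, 150, 250):
        frame = dev_a.encrypt(t, t, b"speed=42")
        results.append((dev_a.method_at(t), dev_b.decrypt(t, frame)))
    return results


if __name__ == "__main__":
    for method, data in run_sequence():
        print(method, data)
```

A receiver that never got the plan, or that processes a frame after its own switching timing when the sender encrypted before it, gets `None` from `decrypt`, so a deployment has to decide how frames in flight across a switching timing are handled.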
  • Although the storage unit 82 in the management device 201 and the storage unit 64 in the communication device 101 are configured to store the correspondence table Tb1 indicating the correspondence between the method number and the encryption method used in encrypted communication between the communication devices 101, the present invention is not limited to this.
  • the storage unit 82 and the storage unit 64 may have a configuration in which the correspondence table Tb1 is not stored.
  • the method selection unit 81 in the management device 201 sends encryption information including the algorithm of the selected encryption method itself to the communication devices 101A, 101B instead of sending encryption information including the method number to the communication devices 101A, 101B.
  • Although the encryption system 301 has a configuration in which the management device 201 is connected to the communication device 101 via the transmission line 2, the configuration is not limited to this.
  • the management device 201 may have a configuration in which it is not connected to the communication device 101 via the transmission line 2.
  • the method selection unit 81 in the management device 201 transmits a frame including cryptographic information to the communication devices 101A and 101B by wireless communication.
  • Although the method selection unit 81 in the management device 201 is configured to transmit timing information to the communication devices 101A and 101B via the transmission line 2, the configuration is not limited to this.
  • the scheme selection unit 81 may be configured to transmit timing information to the communication device 101A via the transmission line 2, but not to transmit timing information to the communication device 101B.
  • the encryption processing unit 63 in the communication device 101A switches the encryption method at the switching timing indicated by the timing information received by the reception unit 61.
  • the encryption processing unit 63 includes, in the communication data received from the processing unit 21, information indicating that the encryption method is to be switched, generates encrypted data by encrypting the communication data including that information, and outputs the encrypted data to the processing unit 21.
  • the processing unit 21 in the communication device 101A outputs the encrypted data received from the encryption processing unit 63 to the communication device 101B via the communication unit 11 and the transmission line 1.
  • the encryption method is often fixed. Therefore, if the encryption is decrypted by an unauthorized device, all communication data transmitted thereafter may be intercepted by the unauthorized device. Further, in the technology described in Patent Document 1, only one transmission path is used to form a VPN (Virtual Private Network), and the security strength is low. Further, the technology described in Patent Document 2 uses photons to distribute the common key, and the implementation cost is high.
  • the management device 201 transmits encryption information regarding the encryption method used in the communication devices 101A, 101B to the communication devices 101A, 101B.
  • the communication device 101A generates encrypted data by encrypting communication data based on the encryption information received from the management device 201.
  • the communication device 101B performs decryption processing on the encrypted data based on the encryption information received from the management device 201.
  • the management device 201 transmits encryption information regarding the encryption method to the communication devices 101A, 101B, and the communication devices 101A, 101B perform encryption processing of communication data and decryption processing of encrypted data based on the encryption information received from the management device 201.
  • the management device 201 can change the encryption method and perform the encryption and decryption processing according to the changed encryption method. Therefore, it is possible to realize robust encrypted communication in which communication data is difficult to intercept through, for example, only one successful attack.
  • the encryption key is switched between the communication devices 101A and 101B
  • the encryption key after switching can be easily changed. It will be deciphered.
  • the management device 201 can change the encryption method so that the changed encryption method is used, which is not easy to decipher. Therefore, security in the network can be further improved.
  • This embodiment relates to an encryption system 302 in which communication data and encrypted information are multiplexed on the transmission line 1, compared to the encryption system 301 according to the first embodiment.
  • the contents other than those described below are the same as the encryption system 301 according to the first embodiment.
  • FIG. 4 is a diagram showing the configuration of an encryption system according to the second embodiment of the present disclosure.
  • the encryption system 302 includes a communication device 102 instead of the communication device 101, and the management device 201 is connected to a plurality of communication devices 102 via the transmission line 1.
  • communication devices 102A and 102B are representatively shown as the communication device 102.
  • the communication device 102A is an example of an encryption device.
  • Communication device 102B is an example of a decoding device.
  • different logical transmission paths 1n and 1m are formed using the transmission line 1. That is, two logical paths are formed on the physical transmission line 1.
  • the communication device 101 performs encrypted communication via the transmission path 1m.
  • the communication device 102 includes a communication section 12 instead of the communication section 11, and a security processing section 52 instead of the security processing section 51.
  • the security processing section 52 does not include the receiving section 61, unlike the security processing section 51.
  • the method selection unit 81 transmits the frame containing the encryption information to the communication devices 102A and 102B via the transmission line 1.
  • the method selection unit 81 transmits a frame containing encryption information to the communication devices 102A and 102B via a logically independent transmission path 1n that is different from the transmission path 1m for encrypted communication. More specifically, the method selection unit 81 transmits the encryption information to the communication devices 102A and 102B by frequency division multiplexing, time division multiplexing, or code division multiplexing the encryption information on the transmission line 1 through which communication data is transmitted.
  • the scheme selection unit 81 further transmits the timing information to the communication devices 102A and 102B via the transmission path 1n by frequency division multiplexing, time division multiplexing, or code division multiplexing the timing information on the transmission line 1.
  • the communication unit 12 receives a frame from the management device 201 via the transmission path 1n, and acquires cryptographic information from the received frame.
  • the communication unit 12 outputs the acquired cryptographic information to the method identification unit 62.
  • the communication unit 12 also outputs timing information received from the management device 201 via the transmission path 1n to the method identification unit 62.
  • the method specifying unit 62 receives the encryption information from the communication unit 12, refers to the correspondence table Tb1 in the storage unit 64 to specify the encryption method, and acquires from the storage unit 64 the encryption key used in the specified encryption method.
  • the method identifying section 62 outputs cryptographic setting information indicating the identified cryptographic method and the acquired cryptographic key to the cryptographic processing section 63. Further, the scheme specifying unit 62 notifies the cryptographic processing unit 63 of the switching timing indicated by the timing information received from the communication unit 12.
  • the encryption processing unit 63 switches the encryption method according to the encryption setting information received from the method identification unit 62 at the switching timing notified from the method identification unit 62.
  • the processing unit 21 in the communication device 102A periodically or irregularly generates communication data addressed to the communication device 102B, and outputs the generated communication data to the cryptographic processing unit 63.
  • the cryptographic processing unit 63 in the communication device 102A generates encrypted data by encrypting the communication data received from the processing unit 21, and outputs the generated encrypted data to the processing unit 21.
  • the processing unit 21 in the communication device 102A receives encrypted data from the encryption processing unit 63 and outputs the received encrypted data to the communication unit 12.
  • the communication unit 12 in the communication device 102A includes the encrypted data received from the processing unit 21 in a frame and transmits the frame to the communication device 102B via the transmission path 1m.
  • the communication unit 12 in the communication device 102B receives a frame from the communication device 102A via the transmission path 1m, acquires encrypted data from the received frame, and outputs the acquired encrypted data to the processing unit 21.
  • the processing unit 21 in the communication device 102B receives encrypted data from the communication unit 12 and outputs the received encrypted data to the encryption processing unit 63.
  • the encryption processing unit 63 in the communication device 102B receives encrypted data from the processing unit 21, obtains communication data by decrypting the received encrypted data, and outputs the obtained communication data to the processing unit 21.
  • the processing unit 21 in the communication device 102B processes the communication data received from the encryption processing unit 63.
  • This embodiment relates to an encryption system 303 that includes a plurality of management devices 202, compared to the encryption system 301 according to the first embodiment.
  • the contents other than those described below are the same as the encryption system 301 according to the first embodiment.
  • FIG. 5 is a diagram showing the configuration of an encryption system according to the third embodiment of the present disclosure.
  • the encryption system 303 includes a communication device 103 instead of the communication device 101, and management devices 202A, 202B, and 202C, which are the management devices 202, instead of the management device 201.
  • communication devices 103A and 103B are representatively shown as the communication device 103.
  • the communication device 103A is an example of an encryption device.
  • Communication device 103B is an example of a decoding device.
  • the encryption system 303 may have a configuration including two or four or more management devices 202.
  • different logical transmission paths 2a, 2b, and 2c are formed using the transmission line 2. That is, three logical paths are formed on the physical transmission line 2.
  • the communication device 103 includes a security processing section 53 instead of the security processing section 51.
  • the security processing section 53 includes a method identification section 65 instead of the method identification section 62 compared to the security processing section 51 .
  • the management devices 202A, 202B, and 202C are connected to the plurality of communication devices 101 via the transmission line 2.
  • the management device 202 includes a method selection unit 83 instead of the method selection unit 81.
  • a method selection unit 83 in each of the management devices 202A, 202B, and 202C selects an encryption method to be used in encrypted communication between the communication devices 103A and 103B.
  • Each method selection section 83 refers to the correspondence table Tb1 in the storage section 82 and obtains the method number corresponding to the selected encryption method.
  • the method selection unit 83 in the management device 202A generates cryptographic information C1 including the first digit value of the acquired method number, and sends a frame containing the generated cryptographic information C1 to the communication devices 103A and 103B via the transmission line 2.
  • the scheme selection unit 83 in the management device 202B generates cryptographic information C2 including the second digit value of the acquired scheme number, and transmits the frame including the generated cryptographic information C2 to the communication devices 103A and 103B via the transmission line 2.
  • the scheme selection unit 83 in the management device 202C generates cryptographic information C3 including the third digit value of the acquired scheme number, and transmits the frame including the generated cryptographic information C3 to the communication devices 103A and 103B via the transmission line 2.
  • the method selection unit 83 in the management device 202A transmits a frame including the cryptographic information C1 to the communication devices 103A and 103B via the transmission path 2a. Further, the method selection unit 83 in the management device 202B sends the frame containing the cryptographic information C2 to the communication devices 103A and 103B via a logically independent transmission path 2b that is different from the transmission path 2a for the cryptographic information C1. In addition, the method selection unit 83 in the management device 202C sends the frame containing the cryptographic information C3 to the communication devices 103A and 103B via a logically independent transmission path 2c that is separate from the transmission path 2a for the cryptographic information C1 and the transmission path 2b for the cryptographic information C2. That is, the management devices 202A, 202B, and 202C perform frequency division multiplexing, time division multiplexing, or code division multiplexing of the cryptographic information C1, C2, and C3 on the transmission line 2, thereby transmitting the cryptographic information C1, C2, and C3 to the communication devices 102A, 102B.
  • the communication device 103A performs encryption processing of communication data according to an encryption method specified based on a plurality of pieces of encryption information respectively received from a plurality of management devices 202.
  • the communication device 103B performs decryption processing on the encrypted data according to the encryption method specified based on the plurality of pieces of encryption information respectively received from the plurality of management devices 202.
  • the receiving unit 61 receives frames from the management devices 202A, 202B, and 202C via the transmission line 2, and acquires cryptographic information C1, C2, and C3 from the respective received frames.
  • the receiving section 61 outputs the acquired cryptographic information C1, C2, and C3 to the method specifying section 65.
  • the scheme specifying unit 65 receives the cryptographic information C1, C2, and C3 from the receiving unit 61, and obtains the scheme number by combining the value indicated by the cryptographic information C1, the value indicated by the cryptographic information C2, and the value indicated by the cryptographic information C3. Then, the scheme identifying unit 65 refers to the correspondence table Tb1 in the storage unit 64 and identifies the encryption scheme corresponding to the acquired scheme number. Further, the method specifying unit 65 acquires an encryption key used in the specified encryption method from the storage unit 64. The method identifying section 65 outputs cryptographic setting information indicating the identified cryptographic method and the acquired cryptographic key to the cryptographic processing section 63.
  • the cryptographic processing unit 63 in the communication device 103A encrypts communication data addressed to the communication device 103B according to the cryptographic method indicated by the cryptographic setting information received from the method specifying unit 65, using the cryptographic key indicated by the cryptographic setting information.
  • the encryption processing unit 63 in the communication device 103B decrypts the encrypted data received from the communication device 103A according to the encryption method indicated by the encryption setting information received from the method specifying unit 65, using the encryption key indicated by the encryption setting information.
  • Although the management devices 202A, 202B, and 202C are connected to the plurality of communication devices 101 via the transmission line 2, the configuration is not limited to this.
  • the management devices 202A, 202B, and 202C may be connected to a plurality of communication devices 101 via physically different transmission lines.
  • the method selection unit 83 in the management device 202B transmits the frame containing the cryptographic information C2 to the communication devices 103A and 103B via a physically independent transmission line that is different from the transmission line for the cryptographic information C1.
  • the method selection unit 83 in the management device 202C transmits the frame containing the cryptographic information C3 to the communication devices 103A and 103B via a physically independent transmission line that is different from the transmission line for the cryptographic information C1 and the transmission line for the cryptographic information C2.
  • the communication device 103A encrypts the communication data according to the encryption method identified based on the plural pieces of cryptographic information C1, C2, and C3 received from the management devices 202A, 202B, and 202C, respectively.
  • the communication device 103B performs decryption processing on the encrypted data according to the encryption method specified based on the encryption information C1, C2, and C3 received from the management devices 202A, 202B, and 202C, respectively.
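How the method identification unit 65 could recombine the digits C1, C2 and C3 and refuse incomplete or unknown combinations, as an added example that is not code from the patent. The table holds only the method numbers that appear on this page; the class and function names and the fail-closed behaviour are assumptions. `consistent_methods` shows which table entries remain possible when only some of the digits are known, which matters because a digit split is not a secret-sharing scheme.

```python
# Correspondence table Tb1 with the method numbers that appear on the page.
TB1 = {"101": "PRESENT", "102": "CLEFIA", "103": "SIMON",
       "201": "ChaCha20", "301": "AES"}

# Which piece of cryptographic information is expected on which logical path.
PATH_TO_LABEL = {"2a": "C1", "2b": "C2", "2c": "C3"}
LABELS = ("C1", "C2", "C3")


def split_method_number(number):
    """Management devices 202A/202B/202C: one digit per logical path."""
    if number not in TB1:
        raise ValueError(f"method number {number!r} is not in Tb1")
    return [(path, label, digit)
            for (path, label), digit in zip(PATH_TO_LABEL.items(), number)]


class MethodIdentifier:
    """Hypothetical model of method identification unit 65 in device 103A/103B."""

    def __init__(self):
        self.digits = {}

    def receive(self, path, label, digit):
        # A digit arriving on the wrong logical path is rejected outright.
        if PATH_TO_LABEL.get(path) != label:
            raise ValueError(f"{label} is not expected on path {path}")
        if len(digit) != 1 or digit not in "0123456789":
            raise ValueError(f"{label} must be a single decimal digit")
        if self.digits.get(label, digit) != digit:
            raise ValueError(f"conflicting values received for {label}")
        self.digits[label] = digit

    def identify(self):
        """Return (method number, method name), or None while digits are missing."""
        if any(label not in self.digits for label in LABELS):
            return None  # keep the current method until all three digits arrive
        number = "".join(self.digits[label] for label in LABELS)
        if number not in TB1:
            raise LookupError(f"combined method number {number!r} is not in Tb1")
        return number, TB1[number]


def consistent_methods(observed):
    """Method numbers in Tb1 that match a partial set of digits,
    for example {"C1": "1"} when only path 2a has been seen."""
    position = {"C1": 0, "C2": 1, "C3": 2}
    return sorted(number for number in TB1
                  if all(number[position[label]] == digit
                         for label, digit in observed.items()))


if __name__ == "__main__":
    unit = MethodIdentifier()
    for share in split_method_number("102"):
        unit.receive(*share)
        print(share, "->", unit.identify())
    print(consistent_methods({"C1": "1"}))
```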
  • the present embodiment relates to an encryption system 304 in which encrypted communication is performed via a plurality of transmission paths.
  • the contents other than those described below are the same as the encryption system 301 according to the first embodiment.
  • FIG. 6 is a diagram showing the configuration of an encryption system according to the fourth embodiment of the present disclosure.
  • encryption system 304 includes communication device 104 instead of communication device 101 and management device 203 instead of management device 201, compared to encryption system 301.
  • communication devices 104A and 104B are representatively shown as communication devices 104.
  • the communication device 104A is an example of an encryption device.
  • Communication device 104B is an example of a decoding device.
  • different logical transmission paths 1a, 1b, and 1c are formed using the transmission line 1. That is, three logical paths are formed on the physical transmission line 1.
  • the communication device 104 includes a communication section 13 instead of the communication section 11, a processing section 22 instead of the processing section 21, and a security processing section 54 instead of the security processing section 51.
  • the security processing section 54 includes a method specifying section 66 instead of the method specifying section 62 and a cryptographic processing section 67 instead of the cryptographic processing section 63 compared to the security processing section 51 .
  • the management device 203 includes a method selection section 84 instead of the method selection section 81.
  • the communication device 104 transmits a plurality of divided communication data via logically independent transmission paths 1a, 1b, and 1c.
  • the communication settings such as the order in which communication data is linked in the transmission paths 1a, 1b, and 1c are determined in advance by the management device 203.
  • the communication devices 104A and 104B acquire communication setting information indicating the communication setting contents determined by the management device 203 in advance.
  • the communication device 104A transmits the plurality of divided communication data to the communication device 104B via the transmission paths 1a, 1b, and 1c according to the connection order indicated by the communication setting information.
  • the communication device 104B connects a plurality of pieces of communication data received via the transmission paths 1a, 1b, and 1c according to the connection order indicated by the communication setting information.
  • the method selection unit 84 in the management device 203 selects a target transmission path, which is a transmission path to be used for encrypted communication, among the transmission paths 1a, 1b, and 1c, and an encryption method. For example, the system selection unit 84 selects the transmission paths 1a and 1b as the target transmission paths.
  • the method selection unit 84 refers to the correspondence table Tb1 in the storage unit 82, obtains the method number corresponding to the selected encryption method, generates encryption information including the obtained method number and the selected target transmission path, and transmits a frame containing the generated encryption information to the communication devices 104A and 104B via the transmission line 2.
  • the receiving unit 61 receives a frame from the management device 201 via the transmission line 2, and acquires cryptographic information from the received frame.
  • the receiving unit 61 outputs the acquired cryptographic information to the method specifying unit 66.
  • the scheme identifying unit 66 receives the cryptographic information from the receiving unit 61, refers to the correspondence table Tb1 in the storage unit 64, identifies the cryptographic scheme corresponding to the scheme number indicated by the received cryptographic information, and acquires the encryption key to be used in the identified cryptographic scheme from the storage unit 64.
  • the method identifying section 66 outputs to the cryptographic processing section 67 cryptographic setting information indicating the target transmission path indicated by the cryptographic information, the identified cryptographic method, and the acquired cryptographic key.
  • the cryptographic processing unit 67 encrypts communication data addressed to another communication device 104 and decrypts encrypted data received from another communication device 104 according to the cryptographic scheme indicated by the cryptographic setting information received from the scheme specifying unit 66, using the cryptographic key indicated by the cryptographic setting information.
  • the communication device 104A performs an encryption process on communication data Da and Db to be transmitted via the target transmission path indicated by the encryption information.
  • the processing unit 22 in the communication device 104A generates communication data Da to be transmitted to the communication device 101B via the transmission path 1a, communication data Db to be transmitted to the communication device 101B via the transmission path 1b, and communication data Dc to be transmitted to the communication device 101B via the transmission path 1c, and outputs the generated communication data Da, Db, and Dc to the cryptographic processing unit 67.
  • the encryption processing unit 67 in the communication device 104A receives the communication data Da, Db, Dc from the processing unit 22, encrypts the communication data Da, Db, in accordance with the connection order indicated by the communication setting information and the target transmission path indicated by the encryption setting information, using the encryption method indicated by the encryption setting information, and outputs encrypted data Dax and Dbx, which are encrypted communication data Da and Db, to the processing unit 22.
  • the cryptographic processing unit 67 outputs the communication data Dc to the processing unit 22 without encrypting it according to the target transmission path indicated by the cryptographic setting information.
  • the processing unit 22 in the communication device 104A receives the encrypted data Dax, Dbx and unencrypted communication data Dc from the encryption processing unit 67, and outputs the received encrypted data Dax, Dbx and communication data Dc to the communication unit 13.
  • the communication unit 13 in the communication device 104A includes the encrypted data Dax, Dbx and communication data Dc received from the processing unit 22 in a frame, and transmits them to the communication device 104B via the transmission line 1. More specifically, the communication unit 13 transmits the encrypted data Dax, Dbx and the communication data Dc to the communication device 104B via the transmission paths 1a, 1b, 1c, respectively.
  • the communication device 104B performs decryption processing on the encrypted data Dax and Dbx transmitted via the target transmission path indicated by the encryption information.
  • the communication unit 13 in the communication device 104B receives a frame from the communication device 104A via the transmission line 1, and obtains encrypted data Dax, Dbx and communication data Dc from the received frame.
  • the communication unit 13 outputs the acquired encrypted data Dax, Dbx and communication data Dc to the processing unit 22.
  • the processing unit 22 in the communication device 104B receives the encrypted data Dax, Dbx and communication data Dc from the communication unit 13, and outputs the received encrypted data Dax, Dbx and communication data Dc to the encryption processing unit 67.
  • the encryption processing unit 67 in the communication device 104B receives the encrypted data Dax, Dbx and the communication data Dc from the processing unit 22, decrypts the encrypted data Dax, Dbx, in accordance with the connection order indicated by the communication setting information and the target transmission path indicated by the encryption setting information, using the encryption method indicated by the encryption setting information to obtain the communication data Da, Db, and outputs the obtained communication data Da, Db to the processing unit 22.
  • the cryptographic processing unit 67 outputs the communication data Dc to the processing unit 22 without decoding it according to the target transmission path indicated by the cryptographic setting information.
  • the processing unit 22 in the communication device 104B concatenates the communication data Da, Db, and Dc received from the cryptographic processing unit 67 according to the transmission order indicated by the cryptographic setting information, and processes the concatenated communication data Da, Db, and Dc.
  • Each process (each function) of the above-described embodiment is realized by a processing circuit (Circuitry) including one or more processors.
  • The processing circuit may include an integrated circuit or the like in which one or more memories, various analog circuits, and various digital circuits are combined.
  • The one or more memories store programs (instructions) that cause the one or more processors to execute each of the above processes.
  • The one or more processors may execute each of the above processes according to the program read from the one or more memories, or may execute each of the above processes according to a logic circuit designed in advance to execute each of the above processes.
  • The above processors include various processors suitable for computer control, such as a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), a DSP (Digital Signal Processor), an FPGA (Field Programmable Gate Array), and an ASIC (Application Specific Integrated Circuit).
  • The plurality of physically separated processors may cooperate with each other to execute each of the above processes.
  • The processors installed in each of a plurality of physically separated computers may cooperate with each other via networks such as a LAN (Local Area Network), a WAN (Wide Area Network), and the Internet to execute each of the above processes.
  • The above program may be installed in the above memory from an external server device or the like, or may be distributed in a state stored in a recording medium such as a CD-ROM (Compact Disc Read Only Memory), a DVD-ROM (Digital Versatile Disk Read Only Memory), or a semiconductor memory, and installed into the memory from the recording medium.
  • An encryption system comprising: a management device; an encryption device; and a decryption device, wherein
  • the encryption device and the decryption device are connected to each other via a first transmission line that is a physical transmission path,
  • the management device transmits cryptographic information regarding an encryption method used in the encryption device and the decryption device to the encryption device and the decryption device,
  • the encryption device generates encrypted data by encrypting communication data based on the cryptographic information received from the management device, and transmits the generated encrypted data to the decryption device via the first transmission line,
  • the decryption device performs a decryption process on the encrypted data received from the encryption device via the first transmission line based on the cryptographic information received from the management device, and
  • the management device switches the encryption method used in the encryption device and the decryption device, and further transmits timing information indicating the switching timing of the encryption method to the encryption device and the decryption device.
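The per-path selective encryption and the switch of encryption method at a timing shared by both ends, as an added sketch that is not code from the patent. The two HMAC keystreams standing in for the encryption methods, the pre-shared key, the use of a frame sequence number as the switching timing, and all function and field names are assumptions.

```python
import hashlib, hmac

# Assumption: the page names no cipher, so two HMAC-based keystreams stand in
# for "encryption method A" and "encryption method B" (illustration only).
METHODS = {"A": hashlib.sha256, "B": hashlib.sha512}

def xor_stream(method, key, lane, seq, data):
    """Encrypt or decrypt (XOR is symmetric) one lane's chunk of frame seq."""
    stream, block = b"", 0
    while len(stream) < len(data):
        msg = f"{lane}|{seq}|{block}".encode()
        stream += hmac.new(key, msg, METHODS[method]).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def active(schedule, seq):
    """Setting in force at frame seq; from_seq models the timing information."""
    return max((s for s in schedule if s["from_seq"] <= seq),
               key=lambda s: s["from_seq"])

def apply_lanes(cfg, key, seq, lanes):
    """Transform only the target transmission paths; other lanes pass through."""
    return {lane: xor_stream(cfg["method"], key, lane, seq, data)
            if lane in cfg["targets"] else data for lane, data in lanes.items()}

def encrypt_frame(schedule, key, seq, chunks):
    return apply_lanes(active(schedule, seq), key, seq, chunks)

def decrypt_frame(schedule, key, seq, frame):
    cfg = active(schedule, seq)
    plain = apply_lanes(cfg, key, seq, frame)
    return b"".join(plain[lane] for lane in cfg["order"])  # Da + Db + Dc

# Constructed sample: settings the management device sends to both ends.
KEY = b"constructed-demo-key"
ORDER, TARGETS = ["1a", "1b", "1c"], {"1a", "1b"}
SCHEDULE = [
    {"from_seq": 0, "method": "A", "targets": TARGETS, "order": ORDER},
    {"from_seq": 5, "method": "B", "targets": TARGETS, "order": ORDER},
]
CHUNKS = {"1a": b"Da-secret", "1b": b"Db-secret", "1c": b"Dc-public"}

def demo():
    """Frames either side of the switch, decrypted by a current and a stale receiver."""
    out = {}
    for seq in (4, 5):
        frame = encrypt_frame(SCHEDULE, KEY, seq, CHUNKS)
        out[seq] = (frame, decrypt_frame(SCHEDULE, KEY, seq, frame),
                    decrypt_frame(SCHEDULE[:1], KEY, seq, frame))
    return out
```

For frame 5, the third value returned by `demo()` is what a decryption device that missed the switch recovers: the unencrypted path 1c still reads correctly while Da and Db do not, which is why both ends need the same timing information.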

Abstract

This encryption system comprises a management device, an encryption device, and a decryption device. The encryption device and the decryption device are connected to each other via a first transmission line, which is a physical transmission path. The management device transmits, to the encryption device and the decryption device, cryptographic information relating to an encryption scheme used in the encryption device and the decryption device. The encryption device transmits, to the decryption device via the first transmission line, communication data encrypted by performing an encryption process based on the cryptographic information received from the management device. The decryption device performs a decryption process on the communication data received from the encryption device via the first transmission line, based on the cryptographic information received from the management device.
PCT/JP2023/015148 2022-05-25 2023-04-14 Encryption system and encryption method WO2023228623A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2022085213 2022-05-25
JP2022-085213 2022-05-25

Publications (1)

Publication Number Publication Date
WO2023228623A1 true WO2023228623A1 (fr) 2023-11-30

Family

ID=88919117

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2023/015148 WO2023228623A1 (fr) 2022-05-25 2023-04-14 Encryption system and encryption method

Country Status (1)

Country Link
WO (1) WO2023228623A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
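JPH01212041A (ja) * 1988-02-18 1989-08-25 Hitachi Ltd Encrypted communication system
JPH0916678A (ja) * 1995-06-30 1997-01-17 Canon Inc Cryptographic communication device and cryptographic communication system
JP2004242225A (ja) * 2003-02-10 2004-08-26 M Soft:Kk Data management system for decryption key data accompanying encryption and decryption in cryptographic processing
JP2009177684A (ja) * 2008-01-28 2009-08-06 N-Crypt Lab Inc Transmission/reception system, transmission device, reception device, methods executed by them, and program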

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23811501

Country of ref document: EP

Kind code of ref document: A1